Email Delivery

Receive new posts as email.

Email address

Syndicate this site

RSS | Atom


About This Site
Contact Us
Privacy Policy


November 2010
Sun Mon Tues Wed Thurs Fri Sat
  1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30        

Stories by Category

Basics :: Basics
Casting :: Casting Listen In Podcasts Videocasts
Culture :: Culture Hacking
Deals :: Deals
Future :: Future
Hardware :: Hardware Adapters Appliances Chips Consumer Electronics Gaming Home Entertainment Music Photography Video Gadgets Mesh Monitoring and Testing PDAs Phones Smartphones
Industry :: Industry Conferences Financial Free Health Legal Research Vendor analysis
International :: International
Media :: Media Locally cached Streaming
Metro-Scale Networks :: Metro-Scale Networks Community Networking Municipal
Network Types :: Network Types Broadband Wireless Cellular 2.5G and 3G 4G Power Line Satellite
News :: News Mainstream Media
Politics :: Politics Regulation Sock Puppets
Schedules :: Schedules
Security :: Security 802.1X
Site Specific :: Site Specific Administrative Detail April Fool's Blogging Book review Cluelessness Guest Commentary History Humor Self-Promotion Unique Wee-Fi Who's Hot Today?
Software :: Software Open Source
Spectrum :: Spectrum 60 GHz
Standards :: Standards 802.11a 802.11ac 802.11ad 802.11e 802.11g 802.11n 802.20 Bluetooth MIMO UWB WiGig WiMAX ZigBee
Transportation and Lodging :: Transportation and Lodging Air Travel Aquatic Commuting Hotels Rails
Unclassified :: Unclassified
Vertical Markets :: Vertical Markets Academia Enterprise WLAN Switches Home Hot Spot Aggregators Hot Spot Advertising Road Warrior Roaming Libraries Location Medical Public Safety Residential Rural SOHO Small-Medium Sized Business Universities Utilities wISP
Voice :: Voice


November 2010 | October 2010 | September 2010 | August 2010 | July 2010 | June 2010 | May 2010 | April 2010 | March 2010 | February 2010 | January 2010 | December 2009 | November 2009 | October 2009 | September 2009 | August 2009 | July 2009 | June 2009 | May 2009 | April 2009 | March 2009 | February 2009 | January 2009 | December 2008 | November 2008 | October 2008 | September 2008 | August 2008 | July 2008 | June 2008 | May 2008 | April 2008 | March 2008 | February 2008 | January 2008 | December 2007 | November 2007 | October 2007 | September 2007 | August 2007 | July 2007 | June 2007 | May 2007 | April 2007 | March 2007 | February 2007 | January 2007 | December 2006 | November 2006 | October 2006 | September 2006 | August 2006 | July 2006 | June 2006 | May 2006 | April 2006 | March 2006 | February 2006 | January 2006 | December 2005 | November 2005 | October 2005 | September 2005 | August 2005 | July 2005 | June 2005 | May 2005 | April 2005 | March 2005 | February 2005 | January 2005 | December 2004 | November 2004 | October 2004 | September 2004 | August 2004 | July 2004 | June 2004 | May 2004 | April 2004 | March 2004 | February 2004 | January 2004 | December 2003 | November 2003 | October 2003 | September 2003 | August 2003 | July 2003 | June 2003 | May 2003 | April 2003 | March 2003 | February 2003 | January 2003 | December 2002 | November 2002 | October 2002 | September 2002 | August 2002 | July 2002 | June 2002 | May 2002 | April 2002 | March 2002 | February 2002 | January 2002 | December 2001 | November 2001 | October 2001 | September 2001 | August 2001 | July 2001 | June 2001 | May 2001 | April 2001 |

Recent Entries

In-Flight Wi-Fi and In-Flight Bombs
Can WPA Protect against Firesheep on Same Network?
Southwest Sets In-Flight Wi-Fi at $5
Eye-Fi Adds a View for Web Access
Firesheep Makes Sidejacking Easy
Wi-Fi Direct Certification Starts
Decaf on the Starbucks Digital Network
Google Did Snag Passwords
WiMax and LTE Not Technically 4G by ITU Standards
AT&T Wi-Fi Connections Keep High Growth with Free Service

Site Philosophy

This site operates as an independent editorial operation. Advertising, sponsorships, and other non-editorial materials represent the opinions and messages of their respective origins, and not of the site operator. Part of the FM Tech advertising network.


Entire site and all contents except otherwise noted © Copyright 2001-2010 by Glenn Fleishman. Some images ©2006 Jupiterimages Corporation. All rights reserved. Please contact us for reprint rights. Linking is, of course, free and encouraged.

Powered by
Movable Type

« Violate the Laws of Physics and Win a Student Prize | Main | Exposing Municipal Broadband Franchises: Anaheim on Top »

October 24, 2005

Weak Defense...But Getting Better

The latest update in our rolling feature on wireless security: Oct. 24, 2005: This articles describes concerns and best practices for wireless security and is periodically revised.

Worried about your wireless network's default security? You should be.

Wireless networks send their data through walls and ceilings, and can be picked up with sensitive antennas -- much more sensitive than the ones your equipment uses -- miles away. With this kind of transparency, you need to protect the data on your network, even if you're a casual home user.

The only tool for consumers and small businesses until mid-2003 was the built-in WEP (Wired Equivalent Privacy) encryption that's required as part of the Wi-Fi certification program. But security experts have shown numerous flaws in WEP that prevent it from providing even a minimal reliable level of security for serious applications. Recent tools show that WEP can be cracked in just a few minutes on a busy network.

Businesses had a strapped-together system they could use called 802.1X/EAP, but standardization for securing it (a separate problem), missing clients in older machines, back-end server requirements, and its reliance on WEP all prevented initial widespread adoption. That's changed, and is part of this article.

Fortunately, in November 2002, the Wi-Fi Alliance, a group trade that certifies 802.11a, b, and g devices as interoperable, released an interim replacement for WEP and other aspects of Wi-Fi security that changed the landscape. This newer standard is called WPA (Wi-Fi Protected Access). In mid-2004, the engineering group responsible for wireless standards ratified IEEE 802.11i, the full replacement for WEP and a superset of the features found in WPA. This newest standard is called WPA2 and is widely available, too.

WEP's Weakness

WEP's initial goal was to provide a level of security that conformed to the difficulty of tapping Ethernet network traffic. In the case of wired Ethernet, you would need physical access to a network to sniff packets and intercept data. WEP's minimal security should have met at least that level of protection. Unfortunately, WEP failed because of flaws in the conception and implementation of the protocol.

Some of these flaws were a result of computational limits when the specification was being developed: the number crunching expected to be available on the Wi-Fi cards was orders of magnitudes lower than that available even in 1999. Other flaws had to do with then-current export restrictions on strong encryption, which limited one flavor of WEP to just 40 bits.

Several articles appeared on Aug. 4, 2001, about an academic paper authored by notable encryption and security experts which that explained how insufficient randomness and insufficient key space meant that a cracker could sniff relatively few packets to crack a WEP key -- just a few million packets of data at most (or a few tens of thousands at least) using software that showed up a few days after the paper was released. The paper and subsequent work showed that even a 128-bit key (really 104 bits) could be broken without an exponential increase in time -- just slightly longer.

Developments in late 2004 showed that enormously fewer packets were needed to crack most busy networks, and that networks might be crackable within just a few minutes depending on key choice and other factors.

WEP's other primary problem was bad packet integrity checking, meaning that an interloper could insert or modify data in transit without being caught.

WEP's Threat to Users and Organizations

Initially, cracking WEP required some expertise. But widely available, simple-to-use software now makes it a snap for even a casual cracker to extract a WEP key from a home or business network. Home users with less-busy Wi-Fi networks are less likely to be cracked both for reasons of intent--someone might not bother--and time. The fewer the packets, the longer it takes to crack a network and gain access to the traffic passing over it.

However, it's also been shown that an active attack could provoke an access point to produce packets in the quantities, but no software has been seen that carries out this attack.

Corporations relying on 802.1X network authentication systems that can automatically swap WEP keys after a certain number of packets may still have problems because more recently discovered methods of cracking WEP keys reduce the threshold for data interception down below the number of packets sent before the authentication system changes the key.

Corporations had been advised to only allow encrypted tunneled access using virtual private network (VPN) protocols from access points, thus limiting risk. Some networks have turned off protection at the access point, focusing efforts entirely on the VPN tunnel for this reason.

In both home and business cases, it's clear that WEP needed to be replaced with something better, and for home users, something easier to configure and not worry about.

WEP's Replacement

The IEEE task group that was responsible for security, 802.11i, developed a compromise solution that looked backwards to fix WEP and forwards to replace it without losing compatibility. The solution looking backwards is TKIP (Temporal Key Integrity Protocol), a way of fixing the flaws in WEP by creating a longer, better initialization vector (IV) of 48 bits; increasing randomness; using a master key from which other keys are derived; and mixing keys and IVs in such a way that each packet has its own unique key. The keyspace, or number of possible keys that can be used, would take 100 years of continuous transmission to exhaust.

The new spec also fixes packet integrity by using a more advanced method of detecting tampering, and putting this information in the encrypted part of the frame instead of sending it in the clear.

The forward-looking part of 802.11i adds AES-CCMP (Advanced Encryption Standard) for an essentially impregnable hiding of data that supports longer and a cryptographically more secure stream of data than TKIP. AES is quite widely used and has been adopted by the US government. The specific AES type included in 802.11i, CCMP (Counter Mode CBC-MAC Protocol), is the same length as TKIP keys: 128 bits. However, its underlying algorithm is much stronger. Most Wi-Fi chips released in late 2002 and beyond include the necessary support for AES.

The 802.11i spec in its implemented form includes support for the 802.1X and EAP (Extensible Authentication Protocol) protocols. 802.1X is a way of defining roles so that a client can connect to access point and have limited access -- a client can only talk to the access point but not see the rest of the network until the access point queries the client and relays its messages back and forth to an authentication server which confirms the client's identity. EAP is the messaging standard used to talk among the three roles.

The same 802.1X authentication system can be used to rekey regularly during a user's session by having a timeout value for the key (it's not required), and to provide unique master keys which correspond to each client from which the client and AP derive necessary keys, further reducing the risk of interception, and ensuring that no one gaining access can sniff other traffic passing over the air.

While 802.11i was ratified in mid-2004, it took until mid-2005 for firmware updates offering the full suite under the WPA2 label to appear. Most manufacturers, even of consumer gear, have full WPA2 firmware and driver upgrades available at no cost on their Web sites. But before WPA2 was available, an interim measure was needed.

The Interim Solution: WPA and 802.1X/EAP as WPA Enterprise

With security hurting the deployment of wireless LANs as well as consumer confidence over their networks being used or snooped, The Wi-Fi Alliance stepped into the void that stands between the current broken standards and 802.11i's adoption.

In early November 2002, they announced WPA (Wi-Fi Protected Access), an interim version of 802.11i that adopts TKIP-based fixes to WEP, adds the packet integrity upgrade, and introduces standardized and tested support for 802.1X/EAP network authentication, including one form of secured EAP. The Wi-Fi Alliance started certifying devices as WPA compliant in the summer, and became a required part of certification for new Wi-Fi devices as of September 2003. (802.11i has a few extras, like the AES key and quick re-authentication as a client passes among different access points, that are part of WPA2.)

WPA Personal, the consumer flavor of WPA, lowers the bar for end users to deploy security by requiring that clients and access points can use a shared network password (technically called the pre-shared key or PSK).

Unlike the passphrase employed in WEP implementations which merely converts ASCII into hex (and thus further weakens a WEP key), the WPA password actually creates a cryptopgraphic outcome that's sufficiently random to increase the difficulty in breaking a key in that unlikely event. Because consumers need only enter a password, this improves the likelihood they'll use it. WPA will fall back to WEP if even a single device on a network cannot use WPA, although only SMC Networks seems to sell equipment that supports both WEP and WPA at the same time.

(A side note: researcher Robert Moskowitz detailed in a white paper that WPA passphrases that contain dictionary words and are less than 20 characters long could be susceptible to cracking -- choose your passphrases wisely. The WPA crack is possible in part because an intruder can cause an access point to regenerate the key exchange with the client in under a minute; that key exchange is secured, but it can be extracted and then cracked offline and away from the network. Vendors have worked to solve this by removing the customer from the key creation process: Buffalo AirStation One-touch Secure Setup (AOSS), Broadcom SecureEasySetup, and Atheros JumpStart for Wireless. See this article outlining for an explanation of these systems.)

The entire industry responded fairly rapidly, and virtually all 802.11g devices added WPA support partly because the Wi-Fi Alliance mandated it in new equipment. Not all older devices were upgradable, and almost no older access points; most older devices definitely don't support the full 802.11i/WPA2 standard because they can't handle AES keys.

Several companies did release WPA upgrades for 802.11b devices, some of which were first released in 1999. (See this article for details on WPA support in older cards and where to download upgrades.)

WPA2: The Final Piece

WPA2 Support was the final piece of the puzzle for full 802.11i support. The Wi-Fi Alliance started certifying devices in winter 2005, and firmware upgrades appeared by summer for most devices, consumer and enterprise alike.

The WPA2 certification has been important for government and education that wanted security at the highest level to conform to privacy, security, and securities (financial) laws. The lack of AES encryption held back wireless deployment in a number of industries, as well.

Remaining Standards Problem in 802.1X/EAP

Companies that wanted to deploy WPA as part of an 802.1X system--what the Wi-Fi Alliance calls WPA Enterprise--faced one remaining problem. EAP is not a secure protocol: it sends its messages in the clear. A method of creating an encrypted EAP session using TLS (Transport Layer Security) appeared, and was shipped by Microsoft and others as EAP-TLS, but it requires installing client certificates on every computer that wants to connect. It also leaves some useful information in the clear, although it's seemingly impossible to exploit that information. (TLS is a slightly updated version of SSL, the last version of which TLS supports for compatibility's sake.)

EAP-TLS offers mutual authentication, however, in which the client and authentication server can verify each other's identity before the transaction starts.

Two fixes to the problem appeared in the form of EAP-TTLS (Tunneled TLS) and PEAP (Protected EAP). Both methods first start a TLS session using a server-side certificate, and then pass authentication using an inner method for the actual credentials. The inner methods are numerous with TTLS and limited with PEAP. Meetinghouse and Funk support TTLS, as well as PEAP; Microsoft and Cisco developed and promote PEAP.

Oddly, Microsoft and Cisco couldn't agree on a single PEAP version. Microsoft's PEAPv0 has one inner authentication method that's not compatible with Cisco's PEAPv1. Cisco doesn't seem entirely tied to its methods, however, and Microsoft's flavor dominates.

(Even more confusingly, Cisco has also developed a successor to its early Lightweight EAP (LEAP) standard partly because LEAP is now so easily cracked; EAP-FAST has no advantages over PEAP or TTLS, but is merely a migration path for LEAP customers not ready to deploy PEAP or TTLS.)

Microsoft has shipped PEAP updates to Windows XP and 2000, and was expected to follow with Windows 98 (both versions), NT 4.0, and Me--but it appears they've dropped that plan years ago. (A free WPA client for Windows 2000 is available from Wireless Security Corporation--now part of McAfee--to enable WPA with 802.1X/PEAP or for WPA Personal.)

Meetinghouse offers a range of PEAP support for the same platforms as for EAP-TTLS, including Linux, all modern Windows (post 95) flavors, Mac OS X, and Solaris. Apple included PEAP, EAP-TLS, EAP-TTLS, and EAP-MD5 support over 802.1X in its Mac OS X 10.3 (Panther) release. Other security software firms are fully supporting PEAP plus other secure EAP methods.

The Wi-Fi Alliance now offers testing for five EAP types for WPA/WPA2 certification: EAP-TLS (part of the original WPA test suite, although formally required, just de facto), EAP-TTLS/MSCHAPv2 (common TTLS method), PEAPv0/EAP-MSCHAPv2 (Microsoft's version), PEAPv1/EAP-GTC (Cisco's version), and EAP-SIM (of wide interest to cell operators for Wi-Fi/cell authentication convergence).

PEAP's success appears to be a given as time continues to pass and more companies give up legacy authentication in favor of EAP methods which would be fully supported under PEAP, and as third parties continue to support the encrypted standard.

All of these EAP methods still have certain amounts of risk in part because of the potential for authentication information to be wormed out of less secure systems, and then broken through brute force offline. William A. Arbaugh maintains a list of currently well-known problems; it's a constantly updated site.

With a secured EAP method, however, enterprises have an extremely low risk and extremely high protection with all that is known today. WPA Enterprise even solves the weak WPA key possibility: servers that offer WPA Enterprise issue unique keys to each user that are randomly generated and are the full maximum bit-length available.

How to Add Enterprise Security

Home users can rely on WPA Personal with a strong passphrase as the best method of protecting their network; they can even turn on WPA2 Personal if they want the added, but unnecessary, security. But even small businesses need the flexibility of user accounts and passwords that are simple for the network's users and can be revoked or have other policies applied on a per-user basis.

On the high end, large enterprises with IT staff and budgets can turn to existing RADIUS and AAA providers for full WPA Enterprise support that will features full WPA2 key support when that certification is finalized. These companies include Funk, Meetinghouse, Microsoft (Windows Server 2003), and many others.

Small- to medium-sized businesses have several options open to them that shipped in the last year or so that are designed as either a low monthly recurring cost per user for outsourced authentication or a reasonable fixed flat or per-user fee for in-house servers.

I've written about both outsourced and in-house authentication solutions at Mobile Pipeline.


Eternal vigilance is the price we pay for a standard that deployed faster than security improved. It took years, but we now have a robust and trustworthy replacement for broken encryption methods.

1 Comment

It's worth noting that wpa_supplicant, an open-source WPA supplicant piece from Jouni Malinen (also primary developer of the HostAP driver for Prism-based 802.11 cards), supports many flavors of EAP: EAP-TLS, PEAPv0, PEAPv1,

Many other EAP methods are supported too, as well as support for WPA-Personal. wpa_supplicant can be obtained at or some distros like Ubuntu include it now by default.

The software can be used with drivers for Atheros cards, Prism cards, and the Linuxant DriverLoader that will allow you to load Windows NDIS drivers in Linux. This last option is one of the only ways you can use Broadcom-based 802.11b/g radio cards in Linux.